IOC Report
na.elf

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| na.elf | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header | initial sample | malicious |
| /tmp/qemu-open.6gTeXG (deleted) | data | dropped | |
| /tmp/qemu-open.9utNmr (deleted) | ASCII text | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| /tmp/na.elf | /tmp/na.elf | |
| /tmp/na.elf | - | |
| /tmp/na.elf | - | |
| /tmp/na.elf | - | |
| /bin/sh | sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP" | |
| /bin/sh | - | |
| /usr/sbin/iptables | iptables -A INPUT -p tcp --destination-port 23 -j DROP | |
| /tmp/na.elf | - | |
| /bin/sh | sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP" | |
| /bin/sh | - | |
| /usr/sbin/iptables | iptables -A INPUT -p tcp --destination-port 7547 -j DROP | |
| /tmp/na.elf | - | |
| /bin/sh | sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP" | |
| /bin/sh | - | |
| /usr/sbin/iptables | iptables -A INPUT -p tcp --destination-port 5555 -j DROP | |
| /tmp/na.elf | - | |
| /bin/sh | sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP" | |
| /bin/sh | - | |
| /usr/sbin/iptables | iptables -A INPUT -p tcp --destination-port 5358 -j DROP | |
| /tmp/na.elf | - | |
| /bin/sh | sh -c "iptables -D INPUT -j CWMP_CR" | |
| /bin/sh | - | |
| /usr/sbin/iptables | iptables -D INPUT -j CWMP_CR | |
| /tmp/na.elf | - | |
| /bin/sh | sh -c "iptables -X CWMP_CR" | |
| /bin/sh | - | |
| /usr/sbin/iptables | iptables -X CWMP_CR | |
| /tmp/na.elf | - | |
| /bin/sh | sh -c "iptables -I INPUT -p udp --dport 53681 -j ACCEPT" | |
| /bin/sh | - | |
| /usr/sbin/iptables | iptables -I INPUT -p udp --dport 53681 -j ACCEPT | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| daisy.ubuntu.com | 162.213.35.25 | |
| router.bittorrent.com | unknown | |
| router.utorrent.com | unknown | |

Memdumps
